@omega Interesting topic indeed. I'm a security expert and head of IT by trade (also Chief Information Security Officer), and Log4j is one of those vulnerabilities that is so encompassing and wide ranging, I'd frankly be shocked if there was even one single organisation on the planet that was not impacted by it.
The implications of this vulnerability are extensive - if you consider the "3 billion devices run Java" then that also equates to "3 billion devices vulnerable to Log4j". Even that equipment you didn't think uses Log4j probably does.
Whichever way you look at it, this is going to take organisations months to remediate because of the scale - and to make matters worse, some vendors will not release patches or fixes for their platforms until Q1 2022 
If anyone is looking to get a list of known IP addresses to be leveraging this vulnerability, that can be found here
If anyone on here requires advice or support, I'm happy to provide that via https://sudonix.com (which of course is my NodeBB community :))